Researchers propose a way to use your heartbeat as a password

Researchers at Binghamton State University in New York think your heart could be the key to your personal data. They say that by measuring the electrical activity of the heart, they can encrypt patients’ health records.

The fundamental idea is this: In the future, all patients will be outfitted with a wearable device, which will continuously collect physiological data and transmit it to the patients’ doctors. Because electrocardiogram (ECG) signals are already collected for clinical diagnosis, the system would simply reuse the data during transmission, thus reducing the cost and computational power needed to create an encryption key from scratch.

“There have been so many mature encryption techniques available, but the problem is that those encryption techniques rely on some complicated arithmetic calculations and random key generations,” said Zhanpeng Jin, a co-author of the paper “A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems.”

Those encryption techniques can’t be “directly applied on the energy-hungry mobile and wearable devices,” Jin added. “If you apply those kinds of encryptions on top of the mobile device, then you can burn the battery very quickly.”

But there are drawbacks. According to Jin, one of the reasons ECG encryption has not been widely adopted is that ECG is generally more sensitive and vulnerable to variations than some other biometric measures. For instance, your heart’s electrical activity could change depending on factors such as physical exertion and mental state. Other, more permanent factors such as age and health can also have an effect.

“ECG itself cannot be used for a biometric authentication purpose alone, but it’s a very effective way as a secondary authentication,” Jin said.

While the technology for ECG encryption is already here, its adoption will depend on patients’ willingness to don wearables and on their comfort with constantly sharing their biometrics.